Privacy and safety
This page records the current regulatory check for this public research site. It is a static information site, not a forum, case-upload portal, user-review platform, search engine, advice service, or evidence inbox.
Current status
The public pages do not ask visitors to create accounts, upload evidence, post comments, leave reviews, send private case files, or message other users. That matters because privacy, evidence safety, defamation, and Online Safety Act risk increase sharply when a site starts collecting or hosting user material.
The Terms & Scope page records the hard exclusions: no contact forms, evidence uploads, case triage, analytics, accounts, visitor reports, named private allegations, or sensitive evidence routes.
ICO and PECR
The site should explain any visitor data use in plain language, avoid unnecessary cookies, and keep private case evidence off the public website.
The Cloudflare Web Analytics beacon has been removed from the public pages. The current build does not run an analytics script, visitor-account script, advertising pixel, or public case-submission form.
Open bibliographyThe current public build does not set a site cookie for analytics or visitor accounts. ICO guidance says PECR applies to cookies and similar technologies, and that non-essential cookies generally need consent unless an exemption applies. Recheck this before adding analytics, embeds, ads, forms, newsletters, or third-party scripts.
ICO cookies and similar technologiesThe site is deployed through Cloudflare Pages and uses Cloudflare for security and delivery infrastructure. Hosting still involves normal infrastructure processing, but the public pages no longer include Cloudflare's analytics beacon. Do not add any feature that collects visitor messages or case files until a full privacy route and retention rule exist.
Cloudflare privacy policyNames, addresses, vehicle registrations, claim numbers, medical evidence, disability evidence, hardship evidence, screenshots of letters, and court papers should not be published unless redacted, necessary, evidenced, and consented where needed.
Open evidence policyThe website itself is not a place to send private ticket evidence. Any future private submission route would need a named purpose, privacy information, security controls, deletion route, and a decision about whether it changes Online Safety Act scope.
Use templates without uploading evidenceOfcom and Online Safety Act
The Online Safety Act covers user-to-user services, search services, and provider-published pornography. This site publishes provider-written research pages and does not let users upload, share, message, comment, review, or search multiple websites.
| Feature | Current site position | Regulatory note |
|---|---|---|
| User-to-user content | Not present. No public comments, user reviews, account posts, uploads, or messaging. | Ofcom guidance is aimed at regulated user-to-user services where users can encounter content generated, uploaded, or shared by other users. |
| Search service | Not present. There is no site search and no search engine across multiple websites or databases. | Ofcom says an internal search of one website is not treated as providing a search service. |
| Pornographic content | Not present. | The site should keep this out of scope. Do not add adult material, age-restricted content, or image uploads. |
| Case submission | Not present. | If an upload form, inbox, forum, comments, or public case wall is added, repeat this assessment before launch. |
Sources: Online Safety Act explanatory notes, Ofcom compliance guide, and Ofcom Regulation Checker.
Future trigger list
These are the changes that would need a fresh privacy, safety, and legal review before they go live.
User comments, star ratings, reviews, forum posts, or public case stories could create Online Safety Act, moderation, defamation, and personal-data duties.
Case uploads can contain names, addresses, vehicle registrations, health data, disability data, debt details, and court documents. A full privacy notice, retention rule, security route, and consent process would be needed first.
A tool that searches multiple websites, displays third-party content, or lets users generate public content needs a fresh Ofcom and data-protection assessment before launch.
Email collection would need clear privacy information, retention limits, unsubscribe controls, and direct-marketing/PECR checks before any form appears.
Publication discipline
| Risk | Publication rule | Why it matters |
|---|---|---|
| Private motorist evidence | Aggregate first. Redact if a case detail is necessary. Avoid names, addresses, claim numbers, and registration marks. | The project is about system patterns, not exposing motorists. |
| Staff or individual targeting | Use company-level and official-register evidence. Avoid personal targeting unless a named person is central to an official filing and the wording is proportionate. | The audit should not mirror the pressure culture it is investigating. |
| Special category data | Do not publish medical, disability, neurodivergence, hardship, or vulnerability details unless there is a clear public-interest reason and safer wording is not enough. | ICO research guidance treats sensitive data as requiring greater care and safeguards. |
| Changed sources | Keep public links in the bibliography and keep screenshots/backups off-server with dates and redaction. | Evidence integrity should not require exposing private files. |
Official checks used